IT governance is a concept that many companies employ to help manage risk, control IT costs, and ensure their IT functions to its fullest potential. Typically, customers working with managed services providers (MSPs) want reassurance that the MSP will be able to offer them the same benefits that larger companies get with in-house IT governance. Indeed, there are significant cost savings that can be achieved by implementing an IT governance framework. Proctor & Gamble, after implementing an IT governance framework, saved $500 million over four years. IT governance helped the consumer goods brand reduce its operating costs and streamline its technology teams to achieve significant savings. For MSPs, it’s good practice to include strong IT governance as part of your service offerings.
What is meant by IT governance?
IT governance is defined by the IT Governance Institute as “the responsibility of executives and the board of directors, and consists of leadership, organizational structures, and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives.”
Industry analysis firm Gartner includes two key subsets related to IT governance: IT demand governance (ITDG) and IT supply-side governance (ITSG). These terms describe what IT should work on (ITDG) and how IT should work (ITSG) in an organization. In practice, IT governance includes a combination of personnel, tools, and frameworks.
Who implements an IT governance structure? These programs exist in both the public and private sector and are useful for any organization that seeks to optimize the way their IT function supports strategic business objectives. IT governance programs are especially prevalent in sectors like finance and technology where data collection is common and regulations are particularly rigid. Smaller entities may not have the budget or resources for a formal IT governance program—hence the need for MSPs to get essential IT governance in place for these customers.
What is the role of IT governance?
The IT governance team is part of the overall leadership team, as the goal of IT governance is to align an organization’s IT function with the company’s business goals. In this context, MSPs are often asked to align their IT services with existing internal business practices. When IT governance works well, the company and the MSP work together to create structures that help an organization stay on track to meet their KPIs and achieve the deliverables expected by stakeholders.
One of the main roles of IT governance is to help organizations stay compliant with the regulations that govern data protection, financial accountability, and disaster recovery. In addition to federal and international regulations like the GDPR, an enterprise may also have internal requirements for handling confidential information and retaining data. A formal IT governance program can establish a system of best practices and checks and balances to make sure these requirements are met.
In practice, IT governance reports go directly to the organization’s senior leadership. The role of an IT governance initiative will be to ensure that IT decisions will further the company’s progress toward their larger goals. The MSP will be tasked with ensuring:
- The organization’s IT delivers functionality and services that help accomplish the top business priorities
- Any new investment in IT technologies allows the business to achieve new, tangible results that would not be possible without that investment
- IT leads to better stakeholder satisfaction—customers, partners, and investors
- Resources are being used to their full potential while ROI on IT equipment and services is optimized
- IT-related risks and liabilities are managed proactively
One of the benefits of considering IT governance as part of your MSP offerings is that the added value could far exceed the effort. Your customers can rest assured that you will be tasked with taking a 360-degree, high-level view of IT strategy.
Why is IT governance important?
First and foremost, IT governance means you can help your customers achieve their desired outcomes. IT investments are carefully considered, and each procurement is associated with an expected return on customer satisfaction, productivity, or resource management. Encouraging an organization to align their IT spending with business priorities can improve cost savings, reduce redundancies, and make the most of new products or services.
IT governance planning also leads to better alignment and responsiveness in terms of the organization’s objectives. Articulating a company’s priorities means both the MSP and the organization will be transparent about their IT needs and expectations and set standards around responsiveness to any workflow bottlenecks or implementation challenges. Standardizing processes and platforms can streamline IT operations and remove red tape.
In addition, governance allows for objective decision-making for MSPs investing their resources in various IT solutions. An IT governance model can help an MSP make decisions about managing and controlling IT activities across their customers. With guidelines, MSPs can manage their own critical resources properly and pass those benefits on to customers—for instance, IT governance may dictate how and when a piece of IT equipment can be replaced or a subscription renewed.
What are IT governance frameworks?
To realize the benefits outlined in the previous section, it is best practice to establish an IT governance model. A framework can help an MSP implement policies and procedures and maintain their program year after year.
There are five common IT governance frameworks examples that organizations:
- COBIT: COBIT stands for Control Objectives for Information and Related Technologies. This framework is created by the Information Systems Audit and Control Association (ISACA) and is designed specifically for enterprise IT. COBIT is considered the industry standard best practice IT governance framework.
- ITIL: ITIL is an acronym for Information Technology Infrastructure Library. This framework considers how IT service strategy, design, transition, operations, and service improvement can support core business practices.
- COSO: The Committee of Sponsoring Organizations of the Treadway Commission (COSO) focuses on internal controls, rather than on IT-specific functions, integrating other frameworks like risk management and fraud prevention.
- CMMI: The Capability Maturity Model Integration framework is primarily concerned with performance improvement, using a scale to evaluate an organization’s performance, quality, and profitability.
- FAIR: The last and newest framework is Factor Analysis of Information Risk, a tool that helps organizations quantify their level of risk.
What is a top IT governance framework?
One of the most common IT governance frameworks, COBIT, is the framework set forth by the ISACA, used by enterprises across industries to ensure their IT function performs to its fullest potential. The first COBIT framework was established in 1996, and since then COBIT has been updated to address new trends, technologies, and security needs. COBIT’s framework includes 40 governance and management objectives for IT governance. The system is built to be flexible and customizable, all the while focusing specifically on security, risk management, and information governance.
COBIT’s framework is designated by five key principles essential for the way organizations consider their IT function:
- Stakeholder needs
- Complete service coverage
- A single, integrated framework
- A holistic approach
- The separation of governance and management
By using these principles, an organization can build out its IT governance framework that meets the needs of these so-called “enablers”—people, policies, processes, organizational structures, culture and behavior, information, and services or applications. COBIT is designed to be somewhat fluid, meaning an organization can combine this framework with any of the other existing models (ITL, CMMI, etc.). For any organizations in a regulated industry, such as finance or technology, COBIT is the best instrument for integrating with government rules, and MSPs should be sure to be familiar with these standards. Overall, COBIT gives CIOs and other IT executives a tool to prove ROI on an IT project.
It’s also possible for MSPs to become COBIT-certified. By becoming well-versed in IT governance best practices generally, it’s possible to monitor performance, gain insight into how technology serves the customer, and continuously evolve IT to grow with the company.
Getting started with IT governance
How do you know which IT governance best practices are right for your business? There are many factors to consider in developing your framework as an MSP. First, figure out what your specific need is: What is lacking in your current IT implementation? Are you most concerned with data protection, extending the performance of equipment, or something else?
Then, consider what you know about you customers’ business goals and KPIs. This includes acknowledging where your current systems are weak and what investments you will need to make to put your IT governance plan into action for those customers. What does success look like when you have the right tools and policies in place? Think about what you wish to achieve: increased security, streamlined systems, or just a morale boost? Lastly, IT compliance involves a system of monitoring and evaluation: What will you measure, and how will you know if your governance program is successful? These insights can help you map out which IT governance framework will bring you the most benefits.
Still have questions about IT governance? Explore our resource center for more information regarding IT governance best practices.